December 2008 - Pki-users - Dogtag Pki List Archives

by Zach Casper

We have followed all steps to install/run Fedora Dogtag/FDS using default settings. We have also added users/certificates from within the CA/RA subsystems. We are now to the point we need to format and enroll some smart cards, however, the LDAP Authentication dialog appears and no combination of LDAP User ID/Password work. We've tried cn=Directory Manager, Admin, pkiuser.all without luck. I know we must have users already in FDS but this documentation seems not to exist. How do we either add users in FDS so that we can continue to format and enroll smart cards? Are we missing something? -- Zach Casper Envieta LLC

16 years, 8 months

4
5
0 / 0

ESC Format / Enroll Error

by Zach Casper

We have an Infineon Smart Card and currently we are unable to Format/Enroll due to the following ESC Error "Formatting of smart card failed. Error: The Smart Card Server cannot upgrade the software on your smart card." And Diagnostics show this error: "Attempting to Format Key, ID: ####### - Key Format failure, Error: 19." This card comes up as "Formatted" because we've manually installed a version of the Dogtag applet prior to using ESC & Dogtag. Any advice on how we can troubleshoot? -- Zach Casper Envieta LLC ----------------------------------------

16 years, 8 months

4
9
0 / 0

RE: [Pki-users] ESC Format / Enroll Error

by Zach Casper

Tps-debug log shows the following: RA_Format_Processor::Process - applet upgrade failed Tps-error log show the following: RA_Processor::SetupSecureChannel - Failed to create a secure channel 0- potentially due to an RA/TKS key mismatch or differing RA/TKS key versions. RA_Processor::UpgradeApplet -0 channel create failure And a series of Bad Response when trying to SelectApplet or GetStatus zach _____________________________________________ From: Jack Magne [mailto:jmagne@redhat.com] Sent: Tuesday, December 23, 2008 1:10 PM To: Zach Casper Subject: Re: [Pki-users] ESC Format / Enroll Error The first step would be to take a look at the tps log or smart card server. These can be found at: /var/lib/pki-tps/logs/tps-debug.log Search the bottom of the log for error 19 and it should give you an idea of what TPS was trying to do at the time. Zach Casper wrote: > > We have an Infineon Smart Card and currently we are unable to > Format/Enroll due to the following ESC Error > > "Formatting of smart card failed. Error: The Smart Card Server cannot > upgrade the software on your smart card." > > And Diagnostics show this error: > > "Attempting to Format Key, ID: ####### - Key Format failure, Error: 19." > > This card comes up as "Formatted" because we've manually installed a > version of the Dogtag applet prior to using ESC & Dogtag. > > Any advice on how we can troubleshoot? > > -- > > Zach Casper > > Envieta LLC > > ---------------------------------------- > > ------------------------------------------------------------------------ > > _______________________________________________ > Pki-users mailing list > Pki-users(a)redhat.com > https://www.redhat.com/mailman/listinfo/pki-users >

16 years, 9 months

4
12
0 / 0

User-supplied public-key into cert

by Adewumi, Julius-p99373

Is there a way to make CA sign a "user-supplied public-key" certificate, so that the Cert is more or less like an ID card? i.e The CA is not to generate key pairs but to just accept the data and put it in a certificate as public-key for userid. From: Julius Adewumi @GDC4S.com Ph:480-441-6768 Contract Corp:MTSI

16 years, 9 months

3
2
0 / 0

ESC Configuration

by Zach Casper

I've been receiving an error from ESC (Smart Card Manager) that states. Smart Card Manager is misconfigured. It then does not allow me to config or enroll. Any advice? I know I need to adjust my URL for the TPS. Is this info stored on the card or in ESC settings? Also, what is the best way to remove the coolkey applet from a card and start over w/ a fresh configuration? -- Zach Casper

16 years, 10 months

3
3
0 / 0

Install DCS on RHEL4

by lanjelot

Hi list. I am currently struggling to install DCS on RHEL4 AS update3. And I am actually wondering if I have any chance to succeed. I followed to the PKI_Install_Guide, and so far I have passed the Prerequisites section successfully. But now that I am at the DCS install stage using Yum, trouble is onto me. I have only two repos enabled in my /etc/yum.repos.d directory: - pki.yum (which I downloaded as instructed by the install guide) - fedora.yum (which I have created as follows:) $ cat fedora.yum [fedora] name=Fedora baseurl=http://ftp.lip6.fr/ftp/pub/linux/distributions/fedora/releases/8/Everything/i386/os/ enabled=0 gpgcheck=0 As you see, I am addressing a Fedora8 repository. So I just go like fine let's run yum install pki-ca, but then it fails awfully complaining about "missing dependency" errors, and some "pkg_foo conflicts with pkg_bar", and there are at least 50 of them. So.... I guess I am doing it wrong. Maybe there is a better way to install DCS on RHEL4, but I fail to see one. Can you help me with that? Thanks heaps! PS. I am actually required to stick with RHEL4, I cannot go for a fresh Fedora8+ install. I know it's stupid since I am actually attempting to upgrade to Fedora8 but this is not an option for our customer.

16 years, 10 months

2
1
0 / 0

ESC Smart Card Management

by Zach Casper

I've been attempting to Format a smart card on Fedora 8 with all Dogtag PKI subsystems installed and running. I insert a smart card and press the Format button in ESC which launches the LDAP Authentication dialog. I assme these credentials are the UID and password pair I created fro the pki-tps instance and the url to use would be the http:// <http://%3cfully-qualified-domain-name%3e:7888> <fully-qualified-domain-name>:7888 (7889 for secure) Does this sound correct? It does not authenticate and I cannot Format my cards. -- Zach Casper

16 years, 10 months

2
1
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

Pki-users December 2008